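module.exports = class extends saas.controller {

  /**
   * Pre-action hook: emits the CORS response headers, short-circuits
   * preflight (OPTIONS) requests, then asks `permissionService` whether the
   * current role may call the requested URL.
   *
   * @returns {Promise<*>} Whatever `this.success()` / `this.fail()` return
   *   when the request is answered here (presumably inherited from
   *   `saas.controller` — confirm); otherwise `undefined`.
   */
  async _before() {
    const { headers } = this.request;
    const { origin } = headers;

    // NOTE(review): the caller's Origin is echoed back unchanged, and
    // credentials are allowed for it. That gives every origin read access to
    // responses of credentialed requests. Compare `origin` against an
    // allowlist of trusted origins before reflecting it.
    this.reply.header('Access-Control-Allow-Origin', origin || "*");
    this.reply.header('Access-Control-Allow-Headers', "Origin, Token, Content-Type, Accept, X-Requested-With");
    this.reply.header('Access-Control-Allow-Methods', "GET,POST,PUT,DELETE,OPTIONS");
    if (origin) {
      // The response differs per Origin, so shared caches must key on it.
      // NOTE(review): this assumes no Vary header was set earlier in the
      // request lifecycle — confirm, since header() may replace it.
      this.reply.header('Vary', 'Origin');
      // Browsers reject "*" combined with credentials, so the flag is only
      // sent when a concrete origin is echoed.
      this.reply.header('Access-Control-Allow-Credentials', true);
    }
    this.reply.header('Access-Control-Expose-Headers', 'Token');

    const method = this.reply.request.raw.method; // current HTTP method
    if (method === 'OPTIONS') {
      // Preflight requests are answered before any permission check.
      return this.success();
    }

    // NOTE(review): the `Token` request header is never read or verified in
    // this hook, and roleId is always the empty string, so every caller is
    // checked as the same (empty) role. Presumably roleId should come from a
    // verified token — confirm and wire it in before relying on this check.
    this.roleId = '';

    // Check API authorization for the requested URL.
    const permissionService = saas.service('permissionService');
    const isAllowed = await permissionService.checkPermission(this.roleId, this.request.raw.originalUrl);
    if (!isAllowed) {
      return this.fail(403, '此api未授权');
    }
  }
};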
